AAA/802.1x
AAA/802.1x

SBR MAC-based authenticaton

‎11-06-2007 12:03 AM

Hi there,

We are currently using a 30 day trail of the SBR server. We are looking for a way to import new users into the database of the server. Currently we are trying to authenticate machines via MAC-addresses. This is working but where are trying to automate the process of adding users. So we're trying to import the MAC-address as username and password. We are guessing that this won't work due to password encryption. Is there any way around this, the use of xml files would be very useful for automating this process of importing.

Regards,

Dennis van Heijster
ECN Petten (The Netherlands)
www.ecn.nl/en/

6 REPLIES 6
AAA/802.1x

Re: SBR MAC-based authenticaton

‎11-06-2007 09:49 AM

Dennis,

I don't think the XML stuff will work for you.  For security reasons, you can not import plain text passwords into SBR via XML.

If you are using Global Enterprise Edition, I believe you can use the LCI.  If you using Enterprise Edition, you would need to contact a sales rep to get a license key to test the LCI features.

LCI = LDAP command line interface.  This would allow you to use some LDAP tools to import an LDIF file.

Hope that helps

-Jeff Aronow

AAA/802.1x

Re: SBR MAC-based authenticaton

[ Edited ]
‎11-07-2007 12:48 AM
Jeff,
 
Could you give me some insights on how this works, I'm new to this system. I'm a trainee and I'm trying to get this working for an assignment. I don't know everything and working with LDAP didn't go that well before, don't know that much about it.
 
I've installed the GGE trail version.
 
Dennis van Heijster
ECN Petten (The Netherlands)
www.ecn.nl/en/


*edit
found a chapter in the admin-guide about LCI, looking into it now too



Message Edited by dvan_heijster on 11-07-2007 12:54 AM
AAA/802.1x

Re: SBR MAC-based authenticaton

[ Edited ]
‎11-08-2007 11:15 AM
Dennis, The admin guide is a good place to start. What I would suggest you do would be to use some of the LDAP commands to export some users to an LDIF file. Then you can copy the format and test importing some users. It helps to know a bit about LDAP before you start playing around. However, for what you are looking to do, I think there should be some good stuff in the admin guide. -Jeff Aronow

Message Edited by aronow on 11-08-2007 02:19 PM
AAA/802.1x

Re: SBR MAC-based authenticaton

‎11-09-2007 04:39 AM
I couldn't get it working right with LDAP so I decided to move forward to SQL.
 
So I installed a trail version of MSSQL and trough trail and error got the connection working and with some more experimenting got the mac based authentication correct and also adding profiles to the addresses.
 
I must say that the adminguide wasn't so clear. For example it didn't state that you needed to reboot after certain actions but once I knew the reboot was needed everything worked fine.
AAA/802.1x

Re: SBR MAC-based authenticaton

‎11-13-2007 07:50 PM
Just checking to make sure you know MAC addresses are easily spoofed...
AAA/802.1x

Re: SBR MAC-based authenticaton

‎11-13-2007 11:46 PM
Yes we are aware of this problem. This solution is just a step in between NAC and VMPS. We still have other ways of securing the network besides MAC addresses, they are only used to identify OUR equipment.
Announcements

AAA/802.1X

IC Series Unified Access Control Appliances are hardened, centralized policy servers, combining the user identity, device security state and network location gathered by the UAC Agent to create unique network access control policy per user, per session.

RSS Icon